Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

3

08a683769d...53.exe

windows7-x64

9

08a683769d...53.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/09/2024, 20:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    08a683769d3e3d1e31a68534a5f855a0dd394c391ee7b278ab69c05c6caddf53.exe

  • Size

    61KB

  • MD5

    8a6482ace82910ef617751edfa48fdd6

  • SHA1

    fac0cfe15821914a9dd16ff9b50a633431ae1139

  • SHA256

    08a683769d3e3d1e31a68534a5f855a0dd394c391ee7b278ab69c05c6caddf53

  • SHA512

    bfe8bb01c013a518db39abbdb95ad9f62c042791356943741a6b6986e409e385808643fde2b0f0319a95ee0bc230e666a8ef9716fd222097701cb00999e20f1b

  • SSDEEP

    768:W7BlphA7dASbSjJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiBhRKu:W7ZhA7dABJJ7TTQoQNKu

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3736) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\08a683769d3e3d1e31a68534a5f855a0dd394c391ee7b278ab69c05c6caddf53.exe
    "C:\Users\Admin\AppData\Local\Temp\08a683769d3e3d1e31a68534a5f855a0dd394c391ee7b278ab69c05c6caddf53.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:824

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    61KB

    MD5

    8ba9b851fb9e0eb93860715fd38075de

    SHA1

    db8aa8e7b182f608da256d0747819504be2201bc

    SHA256

    d9c3db09a8f892e5b12d70f1ba712f3208863c51a9cd9d7b575b0bf5342034c5

    SHA512

    46d71e462126371855741bafd96b36fc6d330b68158ff447b3f815b3c60d02a6afcee252821c703889901236119496013f4643329880784a84d0d395aaaa1949

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    70KB

    MD5

    101a2896e7c2e7226870acd5fb9951fc

    SHA1

    82d24aaa71a990be7a47f10725acfef0b29df226

    SHA256

    09e94a11ccd75d2d51ba0328d597638475576e07b52bc739f0435c99a4a6d85c

    SHA512

    347d8d9610083a32ef145373033f67357339b827d9c8c1c6ef36ef2f1891bd297a6d037859f16f5be1d5ba7dc91d7149cf4a1f29b53d3f2aa20fe37b5c8a529f

    Download Submit